package org.duanyu.shopping_manager_api.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * security配之类
 */
@Configuration
/*
  开启鉴权配置注解
 */
@EnableMethodSecurity
public class SecurityConfig {

    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        //自定义表单登录
        http.formLogin(
                form -> {
                    form.usernameParameter("username").passwordParameter("password")    //用户的登录名及密码
                            .loginProcessingUrl("/admin/login") //登录的路径
                            .successHandler(new MyLoginSuccessHandler()).failureHandler(new MyLoginFailureHandler());   //登录成功和登录失败处理器
                }
        );
        //权限拦截配置
        http.authorizeHttpRequests(
                resp -> {
                    resp.requestMatchers("/login", "admin/login").permitAll();//登录请求不需要认证
                    resp.anyRequest().authenticated();  //其余请求都不需要认证
                }
        );

        //退出登录配置
        http.logout(
                logout -> {
                    logout.logoutUrl("/admin/logout")   //注销路径
                            .logoutSuccessHandler(new MyLogoutSuccessHandler()) //登出成功处理器
                            .clearAuthentication(true)  //清楚认证数据
                            .invalidateHttpSession(true);   //清楚session
                }
        );

        //异常处理
        http.exceptionHandling(
                exception -> {
                    exception.authenticationEntryPoint(new MyAuthenticationEntryPoint())    //未登录处理器
                            .accessDeniedHandler(new MyAccessDeniedHandler());  //权限不足处理器
                }
        );

        //跨域访问
        http.cors();
        //关闭csrf防护
        http.csrf(
                AbstractHttpConfigurer::disable
        );
        return http.build();
    }

    //加密工具
    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


}
